LLM-powered analysis

Legal disclaimer

What is static software analysis?

What is the advantage of an LLM in this scenario?

Level 0: No Knowledge Needed — AI fully deobfuscates without assistance.

Level 1: Basic Guidance — Minimal hints to correct minor errors.

Level 2: Structural Correction — Significant guidance needed for structural issues.

Level 3: Major Intervention — Detailed guidance necessary to resolve complex logic errors.

Level 4: Expert Rework — Extensive expert intervention required.

Level 5: Beyond Expert Correction — Errors too fundamental, requiring a complete restart.

No Level (-): Unable to Analyze — AI produced no meaningful output.

Source: Ref 1

Live demo

🤞

Okay, now how do we evolve?

Source: AWS

Experiences
(empirical*)

Key lessons learned

  • Prompt Engineering is overrated
  • NeMo Guardrails
  • RAG

Sources and suggestions

 

  1. https://arxiv.org/pdf/2505.19887
  2. https://openreview.net/pdf?id=WE_vluYUL-X

  3. https://arxiv.org/pdf/2409.16165

  4. https://proceedings.neurips.cc/paper_files/paper/2024/file/69d97a6493fbf016fff0a751f253ad18-Paper-Datasets_and_Benchmarks_Track.pdf

  5. https://atlas.mitre.org/matrices/ATLAS

  6. https://github.com/NVIDIA-NeMo/Guardrails

  7. https://github.com/dreadnode/rigging

  8. https://github.com/nyu-llm-ctf/nyuctf_agents

  9. https://github.com/enigma-agent/trajectories

  10. https://github.com/lauriewired/ghidramcp

Igor Franca

Security Researcher

GitHub: Horaddrim

LinkedIn: igor-franca

email: igor.franca@owasp.org

Ghidra + Claude AI = Profit

By Igor Franca
